好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内。用户已经给出了文章的具体内容,我需要先仔细阅读并理解文章的主要信息。 文章主要讲的是英国的国家网络安全中心(NCSC)推出了一项名为Proactive Notifications的新服务,并进入测试阶段。这项服务通过网络安全公司Netcraft提供,利用公开信息和互联网扫描来识别组织中的漏洞,并主动通知他们,提供具体的软件更新建议,比如CVE漏洞或弱加密问题。NCSC强调这些扫描和通知是基于外部观察,符合《计算机滥用法》。此外,邮件来自netcraft.com,不带附件,也不会要求支付或个人信息。目前这个试点项目覆盖英国的域名和IP地址,但不会涵盖所有系统或漏洞,建议组织同时注册更成熟的Early Warning服务以获得更全面的安全警报。两项服务结合起来形成分层安全策略。 接下来,我需要将这些信息浓缩到100字以内。重点包括:NCSC推出Proactive Notifications测试服务,通过Netcraft基于公开信息和扫描识别漏洞并通知组织;邮件无附件和支付请求;覆盖英国域名/IP;建议结合Early Warning服务形成分层安全策略。 可能的结构是:NCSC推出新服务Proactive Notifications进入测试阶段,通过Netcraft利用公开信息和扫描识别漏洞并通知组织;邮件无附件和支付请求;覆盖英国域名/IP;建议结合Early Warning形成分层安全策略。 检查字数是否在100字以内,并确保没有使用“这篇文章”等开头。 </think> 英国国家网络安全中心(NCSC)推出新服务“主动通知”进入测试阶段,旨在通过网络安全公司Netcraft利用公开信息和互联网扫描识别组织中的漏洞,并提供具体软件更新建议。邮件来自netcraft.com地址,无附件或支付请求。该试点项目覆盖英国域名和IP地址,建议结合“早期预警”服务形成分层安全策略。 2025-12-4 22:31:1 Author: www.bleepingcomputer.com(查看原文) 阅读量:3 收藏
The UK's National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment.
The service is delivered through cybersecurity firm Netcraft and is based on publicly available information and internet scanning.
The NSCS will identify organizations that lack essential security services and will contact them with specific software update recommendations that address unpatched vulnerabilities.
This may include recommendations on specific CVEs or general security issues, such as the use of weak encryption.
“Scanning and notifications will be based on external observations such as the version number publicly advertised by the software,” NCSC explains, adding that this activity is “in compliance with the Computer Misuse Act.”
The agency highlights that the emails sent through this service originate from netcraft.com addresses, do not include attachments, and do not request payments, personal, or other type of information.
BleepingComputer learned that the pilot program will cover UK domains and IP addresses from Autonomous System Numbers (ASNs) in the country.
The service will not cover all systems or vulnerabilities, though, and the recommendation is that entities do not rely on it alone for security alerts.
Organizations are strongly encouraged to sign up for the more mature ‘Early Warning’ service to receive timely notifications for security issues affecting their networks.
Early Warning is a free service from NCSC that alerts on potential cyberattacks, vulnerabilities, or other suspicious activity in a company's network.
It works by aggregating public, private, and government cyber-threat intelligence feeds and cross-referencing them with the domains and IP addresses of enrolled organizations to spot signs of active compromises.
Proactive Notification is triggered before a direct threat or compromise is detected, when NCSC becomes aware of a risk relevant to an organization’s setup.
Together, the two services will form a layered security approach. Proactive Notification helps with hardening systems and reducing risks, while Early Warning will pick up what still manages to slip through.
The NCSC has not provided a timeline for the Proactive Notifications program exiting the pilot phase and becoming more broadly available.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
如有侵权请联系:admin#unsafe.sh